New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
FS#2770 - prevent <file> and <code> syntax regex matching too much #241
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
… which start '<file' or '<code'
👍 for unit tests |
This replaces the deprecated and broken Blowfish implementation that has previously been used and should provide a lot more security.
Added an explanation that what we do is like normal CBC but that we additionally encrypt the IV which is actually suggested by the NIST for non-random (but unique) IVs. In the decryption process it's not necessary to decrypt the IV, this should save some time.
This adds a new parameter to ft_backlinks() to ignore permissions which is needed for invalidating the cache of linking pages with useheading enabled. This also adds various test cases for ft_backlinks().
The refshow configuration option wasn't used as described anymore already in the latest release and after the introduction of the media usage index the parameter is also no longer relevant for internal optimization. The only place where it was still used is the no longer used search_references()-function which is removed here, too.
…rofile form. The current message confusingly mentions bad 'username' when username is not involved. The new message is the same as that introduced for an incorrect current password on the self delete profile form (FS#2751)
code - test correct recognition of downloadable filename token file - test correct recognition of syntax name & downloadable filename tokens
Chris--S
added a commit
that referenced
this pull request
Aug 1, 2013
FS#2770 - prevent <file> and <code> syntax regex matching too much
splitbrain
added a commit
that referenced
this pull request
Apr 9, 2020
When looking at a page's old revsion (or diff) a now assigned schema may not have existed at the the time of the given revision. This caused a fatal error. Now such exceptions are ignored.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Both
<file>
and<code>
parser regex will match tokens which start'<file'
or'<code'
. The patch adds a word boundary into the regex to prevent overmatching.[ Before merging, might be an idea to add unit tests for both and
syntax modes ]